diff --git a/salt/firewall/map.jinja b/salt/firewall/map.jinja
index b0c96de72..61f8215b8 100644
--- a/salt/firewall/map.jinja
+++ b/salt/firewall/map.jinja
@@ -1,5 +1,6 @@
 {% from 'vars/globals.map.jinja' import GLOBALS %}
 {% from 'docker/docker.map.jinja' import DOCKERMERGED %}
+{% from 'telegraf/map.jinja' import TELEGRAFMERGED %}
 {% import_yaml 'firewall/defaults.yaml' as FIREWALL_DEFAULT %}
 {# add our ip to self #}
@@ -56,7 +57,7 @@
 {% endif %}
 {# Open Postgres (5432) to minion hostgroups when Telegraf is configured to write to Postgres #}
-{% set TG_OUT = salt['pillar.get']('telegraf:output', 'BOTH') | upper %}
+{% set TG_OUT = TELEGRAFMERGED.output | upper %}
 {% if TG_OUT in ['POSTGRES', 'BOTH'] %}
 {% if role.startswith('manager') or role == 'standalone' or role == 'eval' %}
 {% for r in ['sensor', 'searchnode', 'heavynode', 'receiver', 'fleet', 'idh', 'desktop', 'import'] %}
diff --git a/salt/postgres/config.sls b/salt/postgres/config.sls
index 76a926d59..efa9dba93 100644
--- a/salt/postgres/config.sls
+++ b/salt/postgres/config.sls
@@ -65,11 +65,10 @@ postgresconf:
 postgreshba:
 file.managed:
 - name: /opt/so/conf/postgres/pg_hba.conf
- - source: salt://postgres/files/pg_hba.conf.jinja
+ - source: salt://postgres/files/pg_hba.conf
 - user: 939
 - group: 939
 - mode: 640
- - template: jinja
 postgres_super_secret:
 file.managed:
diff --git a/salt/postgres/files/pg_hba.conf.jinja b/salt/postgres/files/pg_hba.conf
similarity index 67%
rename from salt/postgres/files/pg_hba.conf.jinja
rename to salt/postgres/files/pg_hba.conf
index 1d6a22a04..e7d31c05f 100644
--- a/salt/postgres/files/pg_hba.conf.jinja
+++ b/salt/postgres/files/pg_hba.conf
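Review bot: `{% set TG_OUT = TELEGRAFMERGED.output | upper %}` has neither a fallback nor a check of the value, whereas the line it replaces defaulted to `'BOTH'`; this variable decides whether 5432 is opened to the minion hostgroups. If `output` is ever absent from the merged map (telegraf/map.jinja is not visible here), Jinja will most likely turn the undefined value into an empty string, so the Postgres rules are skipped without any error, and a misspelt value has the same effect. I would make the accepted values explicit and fail the render on anything else, and at minimum add a comment such as `{# TG_OUT comes from the merged telegraf defaults and pillar; any value other than POSTGRES or BOTH leaves 5432 closed #}`. The same line is introduced in salt/postgres/telegraf_users.sls, and the `if`/`for` block it gates continues past the end of this hunk.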
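Review bot: With `- template: jinja` dropped from `postgreshba`, salt://postgres/files/pg_hba.conf is now copied byte for byte, so any Jinja left in the body of that file would be written literally into the client-authentication config. The rename hunk only shows the header comment being converted from `{# ... #}` to `#` lines; the rest of the file is not visible here, so it is worth confirming that it contains no `{{ }}` or `{% %}`. I would also add a short comment above `- source:`, for example `# static file, deliberately not rendered through Jinja`, so that a later template expression does not end up verbatim in pg_hba.conf.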
@@ -1,7 +1,8 @@
-{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
- or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
- https://securityonion.net/license; you may not use this file except in compliance with the
- Elastic License 2.0. #}
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+#
 # Managed by Salt — do not edit by hand.
 # Client authentication config: only local (Unix socket) connections and TLS-wrapped TCP
 # connections are accepted. Plain-text `host ...` lines are intentionally omitted so a
diff --git a/salt/postgres/telegraf_users.sls b/salt/postgres/telegraf_users.sls
index 6bcf0900c..8d718519c 100644
--- a/salt/postgres/telegraf_users.sls
+++ b/salt/postgres/telegraf_users.sls
@@ -6,8 +6,9 @@
 {% from 'allowed_states.map.jinja' import allowed_states %}
 {% if sls.split('.')[0] in allowed_states %}
 {% from 'vars/globals.map.jinja' import GLOBALS %}
+{% from 'telegraf/map.jinja' import TELEGRAFMERGED %}
-{% set TG_OUT = salt['pillar.get']('telegraf:output', 'BOTH') | upper %}
+{% set TG_OUT = TELEGRAFMERGED.output | upper %}
 {% if TG_OUT in ['POSTGRES', 'BOTH'] %}
 # docker_container.running returns as soon as the container starts, but on